
24 matches found

EUVD
added 2026/04/23 9:32 a.m. | 2 views

EUVD-2025-209559

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...

CVSS 5.1 | AI score 6.4 | EPSS 0.00006
Exploits: 1 | References: 3

NVD
added 2025/12/19 2:16 a.m. | 1 view

CVE-2025-13941

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which...

CVSS 8.8 | EPSS 0.00015
Exploits: 0 | References: 1

Cvelist
added 2025/12/19 1:51 a.m. | 15 views

CVE-2025-13941 Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which...

CVSS 8.8 | EPSS 0.00015
Exploits: 0 | References: 1

EUVD
added 2025/12/19 1:51 a.m. | 1 view

EUVD-2025-204428

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which...

CVSS 8.8 | AI score 7 | EPSS 0.00015
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/03 12:0 a.m. | 2 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1206)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1206 advisory. - In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrad...

CVSS 8 | AI score 7.3 | EPSS 0.00029
Exploits: 0 | References: 2

OSV
added 2025/12/02 9:15 p.m. | 0 views

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2025/11/21 7:15 a.m. | 1 view

CVE-2025-58097

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege...

CVSS 7.8 | EPSS 0.00009
Exploits: 0 | References: 2

Cvelist
added 2025/10/23 9:2 p.m. | 5 views

CVE-2025-12100 MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...

CVSS 8.8 | EPSS 0.0002
Exploits: 0 | References: 1

Tenable Nessus
added 2025/10/07 12:0 a.m. | 1 view

Unity Linux 20.1070e Security Update: flatpak (UTSA-2025-680646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680646 advisory. Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions...

CVSS 8.6 | AI score 7.8 | EPSS 0.00166
Exploits: 0 | References: 4

CNNVD
added 2025/05/13 12:0 a.m. | 1 view

AMD Optimizing CPU Libraries Security Vulnerability

AMD Optimizing CPU Libraries is a suite of mathematical function libraries from UltraMicroelectronics AMD. A security vulnerability exists in AMD Optimizing CPU Libraries, which stems from improperly setting the default permissions of the installation directory, which could lead to elevation of...

CVSS 7.3 | AI score 7.8 | EPSS 0.00044
Exploits: 0 | References: 1

CNNVD
added 2024/08/13 12:0 a.m. | 1 view

AMD μProf Security Vulnerability

AMD μProf is a software analysis tool from Ultra Micro Semiconductor AMD. A security vulnerability exists in AMD μProf that stems from incorrect default permissions in the installation directory, which could allow an attacker to achieve elevation of privilege, leading to arbitrary code execution...

CVSS 7.8 | AI score 7.6 | EPSS 0.00159
Exploits: 0 | References: 2

OSV
added 2023/05/04 8:15 p.m. | 2 views

CVE-2023-23059

An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges...

CVSS 9.8 | AI score 6.2
Exploits: 0 | References: 3

OSV
added 2022/12/01 9:15 p.m. | 1 view

CVE-2022-42718

Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface CLI may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2022/05/23 9:16 p.m. | 2 views

CVE-2022-29376

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory...

CVSS 8.8 | AI score 7.6 | EPSS 0.00455
Exploits: 1 | References: 2

OSV
added 2022/05/23 9:16 p.m. | 0 views

CVE-2022-28999

Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allow attackers to execute arbitrary code via overwriting the binary devcpp.exe...

CVSS 8.8 | AI score 6.1
Exploits: 0 | References: 1

OSV
added 2022/01/12 10:15 p.m. | 1 view

DEBIAN-CVE-2021-43860

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a...

CVSS 8.6 | AI score 7.9 | EPSS 0.00166
Exploits: 0 | References: 1

OSV
added 2021/11/17 1:15 p.m. | 1 view

CVE-2021-42954

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group non-admin or any guest users, thereby allowing privilege...

CVSS 7.8 | AI score 7.1 | EPSS 0.0004
Exploits: 1 | References: 1

CNNVD
added 2021/08/19 12:0 a.m. | 1 view

XeroSecurity Sn1per Security Vulnerability

XeroSecurity Sn1per is a persistent attack surface management ASM platform. A security vulnerability exists in XeroSecurity Sn1per version 9.0 that stems from the software setting insecure directory permissions 0777 during installation, which allows an unprivileged user to modify the main...

CVSS 10 | AI score 8.8 | EPSS 0.00684
Exploits: 1 | References: 3

CNNVD
added 2021/06/30 12:0 a.m. | 1 view

rpm Link Following Vulnerability

rpm is a powerful command-line driven package management tool used to install, uninstall, verify, query and update packages on Linux systems. A security vulnerability exists in rpm that originates from a symbolic link issue that occurs when rpm sets the required permissions and credentials after...

CVSS 6.7 | AI score 6.7 | EPSS 0.00149
Exploits: 1 | References: 13

OSV
added 2019/10/09 4:15 p.m. | 1 view

UBUNTU-CVE-2019-17383

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem...

CVSS 9.8 | AI score 7.3 | EPSS 0.00265
Exploits: 0 | References: 4